New Thought of Security for Cloud Computing
Information Security for Virtualized Environments and Cloud Computing
Khoi Ngo • Country Sales Manager
Trend Micro Vietnam
Copyright 2011 Trend Micro Inc. 4/6/2011
Page 2: Contents
1. A new perspective on information security with cloud computing: stopping threats before they reach the computer, using identification information updated from the cloud
2. Information security in virtualized environments: latent problems and solutions.
3. Choosing an information security solution for virtualized systems to reduce management cost and increase return on investment (ROI).
Page 4: Malicious code, viruses, malware, spyware…
TrendLab 2010: 3 new variants every 1.5 seconds…
Malware accounts for 90% of the malicious code recorded
—2009 Verizon Security Report
new malware every day…
Page 5: The Smart Protection Network
[Diagram labels: Web Reputation, Email Reputation, File Reputation; threats: SPAM, WEBSITES, FILES; Employee Devices; Corporate Data & Systems; Trend Micro Enterprise Security: Endpoint, Datacenter, Messaging, Web, Data]
Page 6: WRS prevents access to malicious URLs
Page 7: Trend Micro Enterprise Security
• Endpoint Security: PC, Laptop, Mobile Device Security; Extensive Platform/OS Support; Unified Security & Systems Mgt
• Data Protection: Data Loss Prevention; Email & Endpoint Encryption
• Data Center Security: Business Server Security; Protection, Integrity, Compliance; Physical/Virtual/Cloud Computing
• Messaging Security: Email Gateway Security; Mail & Collaboration Server Security
• Central Management: Centralized Security Mgt; Unified Security & Systems Mgt
Page 8: Time to deliver a fix for new malware
Titanium is faster than any of its competitors at providing
protection against newly identified web threats
Average time after first exposure for security vendor to provide protection against a new threat
source: NSS Labs Report, “Endpoint Protection Products Test Report for Socially Engineered Malware”, September 2010
Page 9: Malware is detected and blocked before it can act
Titanium is the best at catching web threats before they execute on a user’s computer
source: NSS Labs Report, “Endpoint Protection Products Test Report for Socially Engineered Malware”, September 2010
# malware tested = 1122; error bars are 95% confidence interval for number of malware tested
[Chart: Malware Caught before Execution, % of malware attacks blocked before being executed on the endpoint; "#1" callout]
Page 12
[Chart: Virtualization Adoption Rate across the stages IT Production, Business Production and ITaaS, with security challenges numbered 1 to 12, including Inter-VM visibility & attacks, Instant-on gaps, Host controls under-deployed and Complexity of Management]
VMware and Trend Micro help customers address these issues, and accelerate the journey
Page 13: Security Challenges Defined
(Explains the security and compliance challenges previously outlined)
• Host-based controls under-deployed: File Integrity Monitoring, host IDS/IPS and anti-malware are often under-deployed, because of cost, complexity or performance.
• Inter-VM visibility & attacks: Traditional network security devices cannot detect or contain malicious inter-VM traffic.
• Instant-on gaps: It’s all but impossible to consistently provision security to “instant-on” VMs, and keep it up-to-date. Dormant VMs can eventually deviate so far from the baseline that merely powering them on introduces a massive security hole.
• Mixed trust level VMs: Workloads of different trust levels are likely being consolidated onto a single physical server without sufficient separation.
• Compliance/Lack of audit trail: Higher levels of consolidation put greater stress on the ability to ensure compliance, particularly amongst mission critical / Tier 1 applications. As well, virtualization makes it more difficult to maintain audit trails, and understand what, or by whom, changes were made.
• Resource contention: Resource-intensive operations (AV storms & pattern-file updates) can quickly result in an extreme load on the system.
• Data confidentiality & integrity: Unencrypted information in cloud environments is subject to various risks including theft, unauthorized exposure and malicious manipulation.
• Data access & governance: RESTful authentication* in the cloud can be susceptible to brute force and hijacking attacks, allowing unauthorized data access. Breakdown in the separation of duties might allow unauthorized vendor access to data. (* REpresentational State Transfer)
• Diminished perimeter: Security mechanisms are under the cloud service provider’s control and perimeter security mechanisms are significantly diminished.
• Multi-tenancy: In cloud environments, your VMs exist with other unfamiliar, potentially hostile VMs with unknown security.
• Data destruction: Some cloud providers do not overwrite storage before recycling it to another tenant; in some cases where the storage is overwritten, data may be vulnerable after a system crash or unexpected termination.
• Complexity of Management: Virtualization has led to the proliferation of more virtual machines (VM sprawl) than their physical predecessors, leading to increased complexity in provisioning security agents to each VM, and constantly reconfiguring, patching and rolling out patterns to each VM.
Page 14: Securing Servers the Traditional Way
Page 15: Inter-VM attacks
Page 17: Mixed trust level VMs
[Diagram label: ERP]
Page 20: Data confidentiality and integrity
The security risk rests with the customer using the service
The cloud user is responsible for security, and needs to plan accordingly
Page 21: Complexity of Management
• Patch agents
• Rollout patterns
• Provisioning new VMs
• Reconfiguring agents
Page 22: Agent-less Security Architecture
[Diagram components: Deep Security Manager, vShield Endpoint ESX Module, vCenter, Thin Driver, vShield Manager, Trend Micro filter driver, VMsafe-net API, vShield Endpoint API. Legend: Trend Micro product components, vShield Endpoint Components, VMware Platform]
Page 23: Hypervisor-Powered Security Architectures
Page 24: Hypervisor-Powered Security Architectures
• VMsafe enables you to supplement perimeter defense
Page 26: Security that is Cloud-Ready
application and data
protect server in multi-tenant environment
Page 27
Endpoint
Deep Security Summary
Antivirus: Detects and blocks malware (web threats, viruses & worms, Trojans) (PCI*)
Detects malicious and unauthorized changes to directories, files, registry keys (PCI*)
Page 29: Tolly Report
Test Environment
Page 30: Tolly Report
• Third party lab test of DS Agentless AV with traditional AV
• Symantec Endpoint Protection 11.0 and McAfee VirusScan Enterprise 8.7 were tested
• Symantec/McAfee consumed more virtual system resources (CPU, Memory, Disk) in both idle and storm conditions
• Symantec/McAfee could not scale to support over 25 desktop VMs/host
• Tolly Group report projects that Trend can support 2-3 times desktop VM density as these other solutions.
• Report is hosted on www.trendmicro.com/virtualization as well as on Tolly.com
Page 31: Tolly Report
over baseline for each resource at
McAfee consumed 1.7 to 8.5 times the Trend Micro resource overhead
Page 32: Tolly Report
McAfee depicted ‘storm’ symptoms with resource usage from 3.4 times to 12 times as DS AV.
not be tested beyond 25 desktop VMs
as being able to support 100 VMs per host
Page 33: Tolly Report
updates also led to AV storms with Symantec
Page 35: State of Enterprise Security Today
Internal Analysis
Malicious Traffic Collection
IP’s over a 3 year period
External Analysis
Enterprise Threat Assessments
Physical Servers
Virtual Servers
Datacenter Corporate Network
Page 36: Trend Micro – Securing your Journey to the Cloud
Page 37: Trend Micro’s real world protection validated by third party test labs
Note: If multiple products from one vendor were evaluated, then vendor’s best performance is listed.
[Chart: results for Trend Micro, Symantec, McAfee, Kaspersky and ESET in the following tests]
Sep 2009 | Corporate | NSS Labs
Sep 2009 | Consumer | NSS Labs
Dec 2009 | Corporate | AV-Test
Jun 2010 | Corporate | NSS Labs
Jun 2010 | Corporate | AV-Test
Jul 2010 | Consumer | Dennis Technology Labs
Sep 2010 | Consumer | NSS Labs
Oct 2010 | Corporate | AV-Test
Oct 2010 | SMB | AV-Test
Page 38
Improves Security by providing the most secure virtualization infrastructure, with APIs, and certification programs
Improves Virtualization by providing security solutions architected to fully exploit the VMware platform
Better-than-physical security for VMware customers
Page 39: Security That Fits: Your Partner to the Hybrid Cloud
Trend Micro helps you maximize your current investments, not replace them,
Threat Intelligence
Endpoint Security
Server Security